W3C home > Mailing lists > Public > public-rww@w3.org > August 2015

Re: (Pre-)Intent to Deprecate: <keygen> element and application/x-x509-*-cert MIME handling

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sat, 1 Aug 2015 04:53:38 +0200
To: Timothy Holborn <timothy.holborn@gmail.com>, Cory Sabol <cssabol@uncg.edu>, public-webid <public-webid@w3.org>
Cc: Melvin Carvalho <melvincarvalho@gmail.com>, public-rww <public-rww@w3.org>
Message-ID: <55BC34B2.4060608@gmail.com>
If WebID is a URI, then the problem is then locating it :-(

WebID-TLS provided a solution to that problem, WebCrypto does not since it
(in contrast to https client cert authentication) conforms to the web security model (SOP).

Using WebCrypto you will need solutions like used by the following Dutch payment system:
https://www.ideal.nl/demo/en/?screens=dskweb
Turn to page 3.  Yech!

Obviously the Web architects have been sleeping under a rock the last 20 years or so.

Or maybe it is rather our fascination with super-providers like Facebook,
Gmail, and PayPal that makes the motivation for improving the Web's ability
dealing with federation and decentralization quite limited?

Anders

On 2015-08-01 04:19, Timothy Holborn wrote:
> Yup.
> On Fri, 31 Jul 2015 at 11:14 pm, Cory Sabol <cssabol@uncg.edu <mailto:cssabol@uncg.edu>> wrote:
>
>     Being that WebID is a URI, that would afford us a good deal of flexibility in what we can utilize, wouldn't it? So, some work could be conducted in coupling WebID with things such as WebCrypto.
>
>     On Fri, Jul 31, 2015 at 7:45 AM, Timothy Holborn <timothy.holborn@gmail.com <mailto:timothy.holborn@gmail.com>> wrote:
>
>         WebID is a URI
>
>
>         On 02:02, Fri, 31/07/2015 Melvin Carvalho <melvincarvalho@gmail.com <mailto:melvincarvalho@gmail.com>> wrote:
>
>             FYI: Google / Ryan Sleevi's comments on WebID
>
>             ---------- Forwarded message ----------
>             From: *Ryan Sleevi* <rsleevi@chromium.org <mailto:rsleevi@chromium.org>>
>             Date: 30 July 2015 at 17:53
>             Subject: Re: (Pre-)Intent to Deprecate: <keygen> element and application/x-x509-*-cert MIME handling
>             To: Melvin Carvalho <melvincarvalho@gmail.com <mailto:melvincarvalho@gmail.com>>
>             Cc: blink-dev <blink-dev@chromium.org <mailto:blink-dev@chromium.org>>
>
>
>
>             On Jul 30, 2015 7:42 AM, <melvincarvalho@gmail.com <mailto:melvincarvalho@gmail.com>> wrote:
>             >
>
>             >
>             > -1 KEYGEN is in use.
>             >
>             > This move will be severely detrimental several grass roots communities, such as the WebID community.
>             >
>             > [1]https://www.w3.org/community/webid/participants
>             >
>
>             This comment doesn't really address any of the technical concerns raised. WebID has repeatedly demonstrated a willingness to appropriate ill-suited technology, and has readily acknowledged that no browser implements the desired functionality for WebID to be successful.
>
>             WebID is still nascent, and readily admits it won't work with Edge. An alternative would be for WebID to proceed with standards that are actually widely used and have a viable chance at being usable - such as WebCrypto.
>
>             But it seems odd to hold a feature that was never fit to purpose nor working as desired hostage for experimental activity in a CG.
>
>
>
>
>
>     --
>     Regards,
>
>     -Cory Sabol
>     cssabol@uncg.edu <mailto:cssabol@uncg.edu>
>
Received on Saturday, 1 August 2015 02:54:13 UTC

This archive was generated by hypermail 2.3.1 : Saturday, 1 August 2015 02:54:13 UTC